cat > /root/install-xray-reality-nat.sh <<‘EOF’
#!/bin/sh
set -e
clear
echo “============================================================”
echo ” Alpine NAT TCP 一键安装 Xray VLESS Reality”
echo ” 适合:NAT VPS 只支持 TCP 端口映射的场景”
echo “============================================================”
echo “”
input_required() {
PROMPT=”$1″
VAR_NAME=”$2″
while true; do
printf “%s” “$PROMPT”
read VALUE
if [ -n “$VALUE” ]; then
eval “$VAR_NAME=\”\$VALUE\””
break
fi
echo “不能为空,请重新输入。”
done
}
input_optional() {
PROMPT=”$1″
DEFAULT_VALUE=”$2″
VAR_NAME=”$3″
printf “%s” “$PROMPT”
read VALUE
if [ -z “$VALUE” ]; then
VALUE=”$DEFAULT_VALUE”
fi
eval “$VAR_NAME=\”\$VALUE\””
}
check_port() {
PORT=”$1″
NAME=”$2″
case “$PORT” in
”|*[!0-9]*)
echo “错误:${NAME} 必须是数字端口”
exit 1
;;
esac
if [ “$PORT” -lt 1 ] || [ “$PORT” -gt 65535 ]; then
echo “错误:${NAME} 必须在 1-65535 之间”
exit 1
fi
}
input_required “请输入公网 IP 或域名,例如 hinet-1.lazycat.cv: ” DOMAIN
input_required “请输入公网端口,例如 11112: ” PUBLIC_PORT
input_required “请输入映射的内部端口,例如 90: ” LOCAL_PORT
input_optional “请输入 Reality 伪装域名 SNI,默认 www.microsoft.com: ” “www.microsoft.com” SNI
input_optional “请输入节点名称,默认 NAT-VLESS-Reality: ” “NAT-VLESS-Reality” NAME
check_port “$PUBLIC_PORT” “公网端口”
check_port “$LOCAL_PORT” “内部端口”
DEST=”${SNI}:443″
echo “”
echo “================= 配置信息确认 =================”
echo “公网地址: ${DOMAIN}”
echo “公网端口: ${PUBLIC_PORT}”
echo “内部端口: ${LOCAL_PORT}”
echo “Reality SNI: ${SNI}”
echo “Reality Dest: ${DEST}”
echo “节点名称: ${NAME}”
echo “================================================”
echo “”
printf “确认安装?输入 y 继续: ”
read CONFIRM
if [ “$CONFIRM” != “y” ] && [ “$CONFIRM” != “Y” ]; then
echo “已取消安装。”
exit 0
fi
echo “”
echo “>>> 安装依赖…”
apk update
apk add –no-cache curl wget unzip openssl ca-certificates iproute2 sed grep coreutils openrc
echo “>>> 停止旧 xray…”
rc-service xray stop >/dev/null 2>&1 || true
rc-update del xray default >/dev/null 2>&1 || true
echo “>>> 准备目录…”
mkdir -p /usr/local/bin /usr/local/etc/xray /var/log/xray /tmp/xray-install /run
cd /tmp/xray-install
rm -rf ./*
echo “>>> 检测系统架构…”
ARCH=”$(uname -m)”
case “$ARCH” in
x86_64|amd64)
XRAY_ZIP=”Xray-linux-64.zip”
;;
aarch64|arm64)
XRAY_ZIP=”Xray-linux-arm64-v8a.zip”
;;
armv7l|armv7)
XRAY_ZIP=”Xray-linux-arm32-v7a.zip”
;;
armv6l|armv6)
XRAY_ZIP=”Xray-linux-arm32-v6.zip”
;;
i386|i686)
XRAY_ZIP=”Xray-linux-32.zip”
;;
*)
echo “错误:暂不支持的架构: $ARCH”
exit 1
;;
esac
echo “>>> 下载 Xray: ${XRAY_ZIP}”
wget -O xray.zip “https://github.com/XTLS/Xray-core/releases/latest/download/${XRAY_ZIP}”
echo “>>> 解压安装 Xray…”
unzip -o xray.zip
install -m 755 xray /usr/local/bin/xray
if [ -f geoip.dat ]; then
install -m 644 geoip.dat /usr/local/etc/xray/geoip.dat
fi
if [ -f geosite.dat ]; then
install -m 644 geosite.dat /usr/local/etc/xray/geosite.dat
fi
echo “>>> 生成 UUID…”
UUID=”$(/usr/local/bin/xray uuid | tr -d ‘\r\n ‘)”
echo “>>> 生成 Reality 密钥…”
KEYS=”$(/usr/local/bin/xray x25519)”
PRIVATE_KEY=”$(printf ‘%s\n’ “$KEYS” | sed -n ‘s/^PrivateKey:[[:space:]]*//p; s/^Private key:[[:space:]]*//Ip’ | head -n 1 | tr -d ‘\r\n ‘)”
PUBLIC_KEY=”$(printf ‘%s\n’ “$KEYS” | sed -n ‘s/^Password (PublicKey):[[:space:]]*//p; s/^PublicKey:[[:space:]]*//p; s/^Public key:[[:space:]]*//Ip’ | head -n 1 | tr -d ‘\r\n ‘)”
SHORT_ID=”$(openssl rand -hex 8 | tr -d ‘\r\n ‘)”
echo “>>> 检查生成结果…”
if [ -z “$UUID” ]; then
echo “错误:UUID 为空”
exit 1
fi
if [ -z “$PRIVATE_KEY” ]; then
echo “错误:PrivateKey 为空”
echo “xray x25519 原始输出如下:”
printf ‘%s\n’ “$KEYS”
exit 1
fi
if [ -z “$PUBLIC_KEY” ]; then
echo “错误:PublicKey 为空”
echo “xray x25519 原始输出如下:”
printf ‘%s\n’ “$KEYS”
exit 1
fi
if [ -z “$SHORT_ID” ]; then
echo “错误:ShortId 为空”
exit 1
fi
echo “UUID: ${UUID}”
echo “PublicKey: ${PUBLIC_KEY}”
echo “ShortId: ${SHORT_ID}”
echo “>>> 写入 Xray 配置…”
cat > /usr/local/etc/xray/config.json <<XRAYCONF
{
“log”: {
“loglevel”: “warning”,
“access”: “/var/log/xray/access.log”,
“error”: “/var/log/xray/error.log”
},
“inbounds”: [
{
“tag”: “vless-reality-in”,
“listen”: “0.0.0.0”,
“port”: ${LOCAL_PORT},
“protocol”: “vless”,
“settings”: {
“clients”: [
{
“id”: “${UUID}”
}
],
“decryption”: “none”
},
“streamSettings”: {
“network”: “tcp”,
“security”: “reality”,
“realitySettings”: {
“show”: false,
“dest”: “${DEST}”,
“xver”: 0,
“serverNames”: [
“${SNI}”
],
“privateKey”: “${PRIVATE_KEY}”,
“shortIds”: [
“${SHORT_ID}”
]
}
}
}
],
“outbounds”: [
{
“protocol”: “freedom”,
“tag”: “direct”
}
]
}
XRAYCONF
echo “>>> 写入 OpenRC 服务…”
cat > /etc/init.d/xray <<‘OPENRC’
#!/sbin/openrc-run
name=”xray”
command=”/usr/local/bin/xray”
command_args=”run -config /usr/local/etc/xray/config.json”
command_background=”yes”
pidfile=”/run/xray.pid”
output_log=”/var/log/xray/xray.log”
error_log=”/var/log/xray/xray.err”
depend() {
need net
}
OPENRC
chmod +x /etc/init.d/xray
echo “>>> 检查 Xray 配置…”
/usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json
echo “>>> 启动 Xray…”
rc-update add xray default >/dev/null 2>&1 || true
rc-service xray restart
sleep 1
echo “>>> 检查监听端口…”
if ! ss -lntp | grep “:${LOCAL_PORT}” >/dev/null 2>&1; then
echo “错误:Xray 没有监听 ${LOCAL_PORT} 端口”
echo “请查看日志:”
echo “cat /var/log/xray/error.log”
echo “cat /var/log/xray/xray.err”
exit 1
fi
VLESS_LINK=”vless://${UUID}@${DOMAIN}:${PUBLIC_PORT}?encryption=none&security=reality&sni=${SNI}&fp=chrome&pbk=${PUBLIC_KEY}&sid=${SHORT_ID}&spx=%2F&type=tcp&headerType=none#${NAME}”
echo “$VLESS_LINK” > /root/vless-link.txt
cat > /root/vless-info.txt <<INFO
节点名称: ${NAME}
地址: ${DOMAIN}
公网端口: ${PUBLIC_PORT}
UUID: ${UUID}
加密: none
传输协议: tcp
TLS: reality
SNI: ${SNI}
Fingerprint: chrome
PublicKey: ${PUBLIC_KEY}
ShortId: ${SHORT_ID}
SpiderX: /
Flow: 留空
内部监听端口: ${LOCAL_PORT}
NAT 映射要求: TCP ${PUBLIC_PORT} -> ${LOCAL_PORT}
INFO
echo “”
echo “============================================================”
echo “安装完成”
echo “============================================================”
echo “”
echo “请确认 NAT 面板映射为:”
echo “”
echo “TCP ${PUBLIC_PORT} -> ${LOCAL_PORT}”
echo “”
echo “============================================================”
echo “复制下面这一整行到 v2rayN / v2rayNG 导入:”
echo “============================================================”
echo “”
cat /root/vless-link.txt
echo “”
echo “”
echo “============================================================”
echo “手动填写信息:”
echo “============================================================”
cat /root/vless-info.txt
echo “============================================================”
echo “”
echo “常用命令:”
echo “查看链接: cat /root/vless-link.txt”
echo “查看参数: cat /root/vless-info.txt”
echo “查看状态: rc-service xray status”
echo “查看监听: ss -lntp | grep ‘:${LOCAL_PORT}'”
echo “查看错误日志: cat /var/log/xray/error.log”
echo “查看服务日志: cat /var/log/xray/xray.err”
echo “重启服务: rc-service xray restart”
echo “停止服务: rc-service xray stop”
echo “============================================================”
EOF
chmod +x /root/install-xray-reality-nat.sh
sh /root/install-xray-reality-nat.sh